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CLAIM AMENDMENTS 

1.-27. (Canceled) 

28. (New) A machine-implemented method, comprising: 

establishing, within a global operating system environment provided by a kernel 
instance, a first non-global zone which serves as a first virtual platform for supporting and 
isolating user processes, wherein the first non-global zone has a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

establishing, within said global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating user processes, 
wherein the second non-global zone has a second zone identifier associated therewith, and 
wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone, 
wherein each user process in the first set of user processes has the first zone identifier 
associated therewith; 

executing a second set of one or more user processes within the second non-global 
zone, wherein each user process in the second set of user processes has the second zone 
identifier associated therewith; and 

isolating the first set of user processes within the first non-global zone and the second 
set of user processes within the second non-global zone such that the first set of user 
processes cannot access processes in the second non-global zone and the second set of user 
processes cannot access processes in the first non-global zone. 
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29. (New) The method of claim 28, wherein the kernel instance provides services that 
are invoked by the first set of user processes, and wherein the services are invoked by the 
first set of user processes through the first virtual platform. 

30. (New) The method of claim 28, wherein executing the first set of user processes 
within the first non-global zone causes a first application environment to be established 
within the first non-global zone, and where the method further comprises: 

receiving a command to terminate the first application environment; and 
in response to the command to terminate the first application environment, 
terminating all user processes executing within the first non-global zone without halting the 
first non-global zone, so that the first non-global zone exists even after the first application 
environment is terminated. 

3 1 . (New) The method of claim 30, further comprising: 

receiving a command to re-establish the first application environment; and 
in response to the command to re-establish the first application environment, 
executing the first set of user processes again within the first non-global zone, thereby re- 
establishing the first application environment within the first non-global zone, wherein the 
first application environment is re-established within the first non-global zone without having 
to re-establish the first non-global zone. 



32. (New) The method of claim 28, 
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wherein a first set of resources are associated with the first non-global zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of user processes 
through the first virtual platform and the second set of resources are accessed by the second 
set of user processes through the second virtual platform; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 

33. (New) The method of claim 32, wherein isolating the first set of user processes 
within the first non-global zone and the second set of user processes within the second non- 
global zone further comprises: 

preventing the first set of user processes from accessing the second set of resources 
associated with the second non-global zone; and 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-global zone. 

34. (New) The method of claim 32, wherein executing the first set of user processes 
within the first non-global zone causes a first application environment to be established 
within the first non-global zone, and wherein the method further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 
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terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 



35. (New) The method of claim 32, wherein executing the first set of user processes 
within the first non-global zone causes a first application environment to be established 
within the first non-global zone, and wherein the method further comprises: 
receiving a command to halt the first non-global zone; 
in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 



36. (New) The method of claim 28, further comprising: 
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allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not allowed to manage processes and resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-global zone. 

37. (New) The method of claim 28, wherein establishing the first non-global zone 
comprises: 

accessing configuration information associated with the first non-global zone; 

installing files and directories necessary for the first non-global zone to function; and 

readying the first non-global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing one 
or more network interfaces, mounting one or more file systems, initializing a system console, 
and configuring one or more devices; 

wherein readying the first non-global zone does not include executing user processes 
within the first non-global zone. 

38. (New) The method of claim 37, wherein the configuration information comprises one 
or more parameters from the group consisting of a zone name, a path to a root directory for 
the first non-global zone, specification of one or more file systems to be mounted when the 
first non-global zone is readied, specification of one or more network interfaces, specification 
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of one or more devices to be configured when the first non-global zone is readied, and 
specification of resource controls to be imposed on the first non-global zone. 

39. (New) The method of claim 28, wherein executing the first set of user processes 
within the first non-global zone comprises: 

executing an initializer process; and 

initializing, by the initializer process, execution of the first set of user processes. 

40. (New) A machine-readable storage medium storing one or more sets of instructions 
which, when executed by one or more processors, cause the one or more processors to 
perform the steps of: 

establishing, within a global operating system environment provided by a kernel 
instance, a first non-global zone which serves as a first virtual platform for supporting and 
isolating user processes, wherein the first non-global zone has a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

establishing, within said global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating user processes, 
wherein the second non-global zone has a second zone identifier associated therewith, and 
wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 
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executing a first set of one or more user processes within the first non-global zone, 
wherein each user process in the first set of user processes has the first zone identifier 
associated therewith; 

executing a second set of one or more user processes within the second non-global 
zone, wherein each user process in the second set of user processes has the second zone 
identifier associated therewith; and 

isolating the first set of user processes within the first non-global zone and the second 
set of user processes within the second non-global zone such that the first set of user 
processes cannot access processes in the second non-global zone and the second set of user 
processes cannot access processes in the first non-global zone. 

41. (New) The machine-readable storage medium of claim 40, wherein the kernel 
instance provides services that are invoked by the first set of user processes, and wherein the 
services are invoked by the first ,set of user processes through the first virtual platform. 

42. (New) The machine-readable storage medium of claim 40, wherein executing the 
first set of user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the machine- 
readable storage medium further stores one or more sets of instructions for causing the one or 
more processors to perform the steps of: 

receiving a command to terminate the first application environment; and 
in response to the command to terminate the first application environment, 
terminating all user processes executing within the first non-global zone without halting the 
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first non-global zone, so that the first non-global zone exists even after the first application 
environment is terminated. 

43. (New) The machine-readable storage medium of claim 42, wherein the machine- 
readable storage medium further stores one or more sets of instructions for causing the one or 
more processors to perform the steps of: 

receiving a command to re-establish the first application environment; and 
in response to the command to re-establish the first application environment, 
executing the first set of user processes again within the first non-global zone, thereby re- 
establishing the first application environment within the first non-global zone, wherein the 
first application environment is re-established within the first non-global zone without having 
to re-establish the first non-global zone. 

44. (New) The machine-readable storage medium of claim 40, 

wherein a first set of resources are associated with the first non-global zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of user processes 
through the first virtual platform and the second set of resources are accessed by the second 
set of user processes through the second virtual platform; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 
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45. (New) The machine-readable storage medium of claim 44, wherein isolating the first 
set of user processes within the first non-global zone and the second set of user processes 
within the second non-global zone further comprises: 

preventing the first set of user processes from accessing the second set of resources 
associated with the second non-global zone; and 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-global zone. 

46. (New) The machine-readable storage medium of claim 44, wherein executing the 
first set of user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the machine- 
readable storage medium further stores one or more sets of instructions for causing the one or 
more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

47. (New) The machine-readable storage medium of claim 44, wherein executing the 
first set of user processes within the first non-global zone causes a first application 
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environment to be established within the first non-global zone, and wherein the machine- 
readable storage medium further stores one or more sets of instructions for causing the one or 
more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

48. (New) The machine-readable storage medium of claim 40, wherein the machine- 
readable storage medium further stores one or more sets of instructions for causing the one or 
more processors to perform the steps of: 

allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not allowed to manage processes and resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-global zone. 
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49. (New) The machine-readable storage medium of claim 40, wherein establishing the 
first non-global zone comprises: 

accessing configuration information associated with the first non-global zone; 

installing files and directories necessary for the first non-global zone to function; and 

readying the first non-global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing one 
or more network interfaces, mounting one or more file systems, initializing a system console, 
and configuring one or more devices; 

wherein readying the first non-global zone does not include executing user processes 
within the first non-global zone. 

50. (New) The machine-readable storage medium of claim 49, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone name, a 
path to a root directory for the first non-global zone, specification of one or more file systems 
to be mounted when the first non-global zone is readied, specification of one or more 
network interfaces, specification of one or more devices to be configured when the first non- 
global zone is readied, and specification of resource controls to be imposed on the first non- 
global zone. 

5 1 . (New) The machine-readable storage medium of claim 40, wherein executing the 
first set of user processes within the first non-global zone comprises: 

executing an initializer process; and 

16 

SUN 030243-US-NP 



Application of John T. Beck, Ser. No. 10/761,622, Filed: January 20, 2004 Docket No. 15437-0592 
Reply to Office Action 

initializing, by the initializer process, execution of the first set of user processes. 

52. (New) An apparatus comprising: 

means for establishing, within a global operating system environment provided by a 
kernel instance, a first non-global zone which serves as a first virtual platform for supporting 
and isolating user processes, wherein the first non-global zone has a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

means for establishing, within said global operating system environment, a second 
non-global zone which serves as a second virtual platform for supporting and isolating user 
processes, wherein the second non-global zone has a second zone identifier associated 
therewith, and wherein the second non-global zone is established and exists without requiring 
any user processes to be running therein; 

means for executing a first set of one or more user processes within the first non- 
global zone, wherein each user process in the first set of user processes has the first zone 
identifier associated therewith; 

means for executing a second set of one or more user processes within the second 
non-global zone, wherein each user process in the second set of user processes has the second 
zone identifier associated therewith; and 

means for isolating the first set of user processes within the first non-global zone and 
the second set of user processes within the second non-global zone such that the first set of 
user processes cannot access processes in the second non-global zone and the second set of 
user processes cannot access processes in the first non-global zone. 
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53. (New) The apparatus of claim 52, wherein the means for executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and where the apparatus further comprises: 

means for receiving a command to terminate the first application environment; and 
means for terminating, in response to the command to terminate the first application 
environment, all user processes executing within the first non-global zone without halting the 
first non-global zone, so that the first non-global zone exists even after the first application 
environment is terminated. 

54. (New) The apparatus of claim 53, further comprising: 

means for receiving a command to re-establish the first application environment; and 
means for executing, in response to the command to re-establish the first application 
environment, the first set of user processes again within the first non-global zone, thereby re- 
establishing the first application environment within the first non-global zone, wherein the 
first application environment is re-established within the first non-global zone without having 
to re-establish the first non-global zone. 
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